Analysis updated 2026-05-18
Study a working example of an encrypted, tamper-evident collaborative workspace design.
Experiment with the client SDK to build tables, lists, or collaborative text on top of an encrypted log.
Explore the zero-knowledge proof system used to verify server responses without trusting the server.
Prototype selective deletion or insider-protection features for a secure collaboration tool.
| encrypted-spaces/prototype | qewer33/ratscad | quininer/cbor4ii | |
|---|---|---|---|
| Stars | 95 | 98 | 89 |
| Language | Rust | Rust | Rust |
| Last pushed | — | — | 2025-11-30 |
| Maintenance | — | — | Quiet |
| Setup difficulty | hard | moderate | easy |
| Complexity | 5/5 | 3/5 | 2/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
This is an unaudited research prototype with placeholder authentication, not safe for real data or production use.
Most collaboration tools store everyone's shared data on a central server in readable form, meaning the company running that server can see the contents. This project explores a different approach: the server holds only encrypted data, and the software on each participant's device verifies every server response with cryptographic proofs before accepting it. A compromised server cannot silently alter what users see. The core concept is an Encrypted Collaboration Space, a shared workspace where multiple people can read and write structured data (tables, ordered lists, and collaborative text), but the server only handles ciphertexts and proof material. Every change is recorded in an append-only, hash-chained log. Clients check the current database state against the latest log entry on every server response, so any tampering is detected locally. The design targets four specific properties. First, verifiable history: every change is recorded in a tamper-evident log that members can audit. Second, selective deletion: members can remove data so neither the server nor future members can read it, without re-encrypting everything else. Third, insider protection: someone who leaves cannot read communications that happen after their removal, and a malicious insider cannot cause a silent denial of service for others. Fourth, deniable authorship: members know who wrote something, but there is no publicly verifiable cryptographic receipt linking a specific person to a specific message. The project is written in Rust. It includes a client SDK with a relational database API, core cryptographic primitives, a zero-knowledge proof system, a reference server, and example demo applications. The README carries a prominent warning: this is a research prototype that has not been audited or hardened for production. Authentication is a placeholder (the server accepts whatever identity a client claims), and some input handling paths are not yet protected against resource exhaustion. It must not be used in any production system or to protect sensitive data.
A Rust research prototype for a collaboration workspace where the server only ever sees encrypted data, verified with cryptographic proofs on each client.
Mainly Rust. The stack also includes Rust.
No license information is provided in the README.
Setup difficulty is rated hard, with roughly 1day+ to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.